This article is long but worth the read if you use a USB to charge your vape.


This week, a story emerged on the social news aggregation website Reddit about a new form of malware, one that had been packaged with the USB charger manufactured by an unknown Chinese company and sold by a random lackey on the auction portal eBay.

According to the forum (known as a “subreddit”) r/TalesFromTechSupport, an IT administrator was called up to his boss’s office after he complained his desktop had been running slowly, and acting strangely over the past week. The tech went through the usual line of questioning, finding out if he’d opened up any dodgy email attachments, visited any sites out of the ordinary, or downloaded files from a source he didn’t recognize beforehand.

After none of these came up with a hit, the tech then asked if the executive had gone through any “major life changes recently”, usually considered the last possible culprit when no other possibilities make sense.

“Finally after all traditional means of infection were covered; IT started looking into other possibilities. They finally asked the Executive, “Have there been any changes in your life recently”? The executive answer “Well yes, I quit smoking two weeks ago and switched to e-cigarettes”.

And there they found their answer. Apparently the exec had purchased his charger from an unknown seller on eBay, who was putting them out at a severely discounted price, likely in a bid to get as many out on the wires as he could before the jig was up.

“The made in china e-cigarette had malware hard coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system.”

The news comes just a few months after the reveal of a malware known as BadUSB, an absolutely terrifying bit of code which can hide on almost any device that uses a USB cable or dongle to attach itself to your machine, regardless of whether it has onboard memory or not.

As these types of threats become more popular, users will need to start being extra cautious about what devices get plugged in on a daily basis. Everything from keyboards to flash drives are now at risk of being exploited, and as long as there’s a market out there for fresh vectors to work with, hackers will keep paying top dollar for the easiest and stealthiest way to find a way in.

Examples like these just show that malware can come from anywhere these days, and almost always from where you least expect it. As more of the obvious holes and points of entry get plugged by security software, hackers are coming up with increasingly inventive ways to get themselves embedded in your machines through whatever means necessary.

While it’s unlikely we’ll see this type of attack take off anywhere in the near future, it’s still interesting to see such an inventive and unique method of approach being used by an independent hacker.

And though you shouldn’t be overly paranoid of the scheme showing up on your antivirus scan anytime soon, it’s never a good idea to plug in unrecognized or third party peripherals into your computer unless you absolutely have to. If something can be charged via the wall socket, opt to go that route instead, and save yourself the headache that comes with quitting smoking and trying to clean up an infected computer both at the same time.

Fourth time I've seen this type of "story" in the past 2 years. Never name the company, never ggives specific details. I call bs, but at least this version didn't have a built in ad for "the only software on the market that can catch this kind of infection". Sounds like more "the sky is falling" crap to me.

lots of tech papers about the Badusb malware

I agree it's possible, but without specific evidence, it seems like someone has decided to put out a fear/smear campaign.

ETA:
If anyone has one, I'd love to disassemble it, both physically and electronically.

Do you really think that IT asks people "Have there been any changes in your life recently?" when trying to figure out why a computer is acting up?

just another reason why e-cigs and vaping are fucking stupid.

Such eloquence.

You really expected more from a '13er?

No feedback. No subscription.  He doesn't even exist.

Just wanted to let my fellow vapers know in case it's not bs

STFU and GTFO.

I love that movie.

By your logic the entire internet is fucking stupid... which is fucking stupid.

I love this gif Which movie is it from?

Hot Fuzz.

You and Mouse should watch it.



Posted Via AR15.Com Mobile

what dog poop

It falls within the realm of possibility. A few years back those digital picture frames were being sent out with a virus on them. So this is something that is remotely possible, but I kind of doubt it, and I did read that story on the subreddit. I think the guy was just looking at pr0n and didn't want to be caught.

I've heard about the US Govt buying security compromised components as well.



You think China really gives a fuck what's on Grandma's laptop? Cuz I really kinda doubt it.

What are you worried about, identity theft?



Considering just about every bank, and every store you shop at...

our Government's super-information-highway-of-healthcare, all having been compromised,

 I think a USB shit is the least of anyone's real worries.



Nothing leaving your keyboard is really safe when you have no clue where it's going, how it's stored, how it's protected, and who may be intercepting it and then doing who knows what with it from there. Act accordingly.





 

Yeah this one just doesn't pass the smell test. Most ecigs aren't exactly sporting a whole lot of memory, and if you were going to spend the effort to embed a virus in a usb device your time would be better spent sticking it on something that has a wider market.

Buy a wall outlet that has a usb charging port.  Leviton and Hubbell make them.  

Most smartphones use a USB wall charger block, too.  You can use those to charge your e-cig.

Posted Via AR15.Com Mobile

long good watch